
Re: [LUG] Web Pages

 

Those are all good points. Also, is the same pass and username used for
your email and the website?

If you use Wifi at home and access your e-mail through a webmail
application like Gmail then it is not too hard for a thief to steal
your website cookie and thus your email.

If you do use Wifi do NOT use WEP, it's totally insecure and can be
cracked in under ten minutes using commonly available apps.

WPA is better but WPA2 is probably the best wireless encryption scheme
going. Also use https to protect your e-mail from clear text sniffing.


2008/8/10 Henry Bremridge <henry.bremridge@xxxxxxxxx>:
> On Sun, Aug 10, 2008 at 07:17:04AM +0100, peter wrote:
>> On Sat, 2008-08-09 at 22:00 +0100, Ross Bearman wrote:
>> > What security concerns do you have about (using my ISP to hold a web page)?
>> > Somebody trying to access your account?
>> >
>> Hi Ross
>>
>> I am quite happy for them to get "stuff" I have stored on my ISP, but am
>> worried that perhaps they can get further.
>>
>> Yes, like getting into my e'mail account.  I may add I do not know a lot
>> about this.
>>
>
> Break down the problem into stages
>
> - Are you worried that someone you know will break in or someone you do not know?
> If someone does not know you then they will have to discover your email address. 
> (Every member of the LUG has your email address). This quickly moves into identity 
> theft and problems associated with that and I would have thought that was a bigger 
> problem.
>
> - Does your ISP have a separate username and password to log in? (ie your username 
> is different from your email address?).
>
> - How easy is it to guess the password and/or username? Look up google on "social
> hacking". There are various sites on choosing good passwords eg 
> https://www.grc.com/passwords.htm And how often do you change the password? Look 
> up on google on "cracking passwords"
>
> - Do you use wifi when you access your internet? When you login to read webmail, 
> do you login to your server with SSL engaged (ie https) or with http?  To read 
> email over wifi do you download your email securely or in clear? Others may have 
> more information but my understanding is that if you download email over wifi (eg 
> in McDonald's) then anyone nearby can read your email. See
> http://www.securityfocus.com/columnists/385
>
> - How often do you change the password? ie if it is broken when do you change it 
> to an unbroken one?
>
> - Then how secure is the ISP itself? Most I would have thought are properly 
> patched and updated. But in a quick google I came across the following link
> http://www.ukfast.net/int-news/broadbandchoices_nearly_expose_unsecure_isp.html
>
> - Finally how likely is it that someone is going to try and break in? My 
> understanding about security is that a lot of the issues are having enough 
> security that a random cracker will try an easier target. Conversely if you are 
> worried that Government Agencies or Organised Crime are looking for *you*, then 
> you have other problems. :)
>
> These are my own thoughts. Others who are experienced may have different 
> viewpoints.
>
>
>
> --
> Henry
> Photocopies or faxes of my signature are not binding. Electronic documents 
> (including email) are binding if digitally signed and appropriately verified
> PGP Key : 0x854F8D8D
> Sun Aug 10 10:13:20 BST 2008
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
>
>